E-commerce companies no longer have to worry about battling traditional fraud —exclusively, that is. Now such service businesses also have to take up arms against “fast fraud.”
That’s the phrase used by Chris Uriarte, chief strategy and payments officer at Vesta, a provider of payment services based in Atlanta. According to Uriarte, the spread of smartphone use, combined with the growth of digital goods, has spawned a new category of crime. Scam artists don’t need a physical credit card to swipe digital merchandise. The thieves not only exploit weaknesses in online and mobile fraud-prevention systems, but they also take advantage of the opportunity to quickly resell their ill-gotten stash on the secondary market.
“Since day one when people started buying things over the Internet, there has been fraud—people stealing credit-card information, purchasing goods and having them shipped to a physical location,” says Uriarte. “In that world, it took days or even a week to perpetrate the crime. Now it’s being done in real-time.” The reason: shoppers’ habits have evolved, meaning that they are now comfortable buying such instantly available intangibles as e-tickets and digital media.
In 2014, consumers spent an estimated $6 billion on digital gift cards and $4.5 billion on downloadable music. The thieves, says Uriarte, “move at a pace than is quicker than the merchants can detect them.” Of course, e-commerce companies needn’t develop the expertise in-house to keep up with the criminals; they can outsource the job to third party providers.
Even so, companies need to make sure they have processes in place to detect fraud—fast or otherwise. Here are three suggestions:
- Train employees to ask the right questions. When orders come in by phone, customer-service agents should collect information that they can easily verify. That means not only validating the shipping address, but also asking about the cross-streets. Get the number where customers are calling from, and use a reverse-phone lookup to see if it matches the address.
- Tighten Security Policies. Restrict access to systems to those who absolutely need it and conduct regular audits to track who is logging on and how frequently—and to flag any anomalies. By instituting such procedures, companies can protect both the system and the data it houses. “There are still many big merchants who don’t follow these policies,” says
- Talk openly about security. “Very often companies don’t speak to their employees about the scenarios that can occur,” says Uriarte. “Somebody might call up at night and say, ‘I’m from the database vendor, and I received a call about an incident. I need to access the system.’” Without awareness that such scams exist, an employee might inadvertently enable a hacker to perpetrate a crime. “People have to realize that these security challenges and problems are real,” says Uriarte. “The head-in-the-sand approach is not really a good approach anymore.”